A client is a piece of software that requests tokens from IdentityServer - either for authenticating a user (requesting an identity token)
or for accessing a resource (requesting an access token). A client must first be registered with IdentityServer before it can request tokens.

An identity token represents the outcome of an authentication process. At a bare minimum, it contains an identifier for the user
(called the sub, or subject, claim) and information about how and when the user authenticated. It can contain additional identity data.

An access token allows access to an API resource. Clients request access tokens and forward them to the API.
Access tokens contain information about the client and the user (if present).
APIs use that information to authorize access to their data.
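
How an API might act on the client and user information in an access token, as an added example that is not taken from the IdentityServer documentation or code base. It assumes the token was already validated by the API's JWT bearer handler, that the short claim names `client_id` and `scope` are used and were not remapped, and all sample values are constructed.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public enum Caller { Denied, ClientOnly, UserDelegated }

public static class AccessTokenAuthorizer
{
    // Assumption: signature, issuer, audience and lifetime were checked
    // before this principal was built. This method only reads claims.
    public static Caller Authorize(ClaimsPrincipal principal, string requiredScope)
    {
        // Assumption: scopes arrive either as several "scope" claims
        // or as a single space-delimited value; both are handled.
        var scopes = principal.FindAll("scope")
            .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
            .ToHashSet(StringComparer.Ordinal);

        if (!scopes.Contains(requiredScope))
            return Caller.Denied;

        // Every access token carries information about the requesting client.
        if (string.IsNullOrEmpty(principal.FindFirst("client_id")?.Value))
            return Caller.Denied;

        // "sub" is present only when a user took part in the request.
        var sub = principal.FindFirst("sub")?.Value;
        return string.IsNullOrEmpty(sub) ? Caller.ClientOnly : Caller.UserDelegated;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed claims standing in for two validated access tokens.
        var machine = Principal(("client_id", "reporting-job"), ("scope", "orders.read"));
        var user = Principal(("client_id", "web-app"), ("sub", "user-123"),
                             ("scope", "openid orders.read"));

        Console.WriteLine(AccessTokenAuthorizer.Authorize(machine, "orders.read"));
        Console.WriteLine(AccessTokenAuthorizer.Authorize(user, "orders.read"));
        Console.WriteLine(AccessTokenAuthorizer.Authorize(machine, "orders.write"));
    }

    private static ClaimsPrincipal Principal(params (string Type, string Value)[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            claims.Select(c => new Claim(c.Type, c.Value)), "Bearer"));
}
```

Distinguishing the client-only case from the user-delegated case lets the API apply per-user data filtering only when a subject is actually present, instead of treating a missing sub as an error or as an anonymous user.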